FBI launches global alert for cyber attack and asks to restart the routers

The agency warns that cybercriminals could collect data or cut internet access.

After it was learned on Friday that a group of cybercriminals infected more than 500,000 routers and cloud storage devices with malware in 54 countries, the FBI asked the owners of several brands of these devices to turn them off and on again. and to download updates from manufacturers to protect themselves. The US agency launched a global alert and noted that Russian cybercriminals compromised hundreds of thousands of home and office routers and could collect user information or terminate network traffic.The warning came after an order issued Wednesday by a court that authorized the FBI to intervene a website that hackers planned to use instructions to the routers. Although infections were detected in more than 50 countries, the main target for future actions was probably Ukraine, site of many recent infections and battlefield of the cyber war for some time. Upon obtaining the warrant, the Department of Justice said that the hackers involved were in a group called Sofacy, which responded to the Russian government. Sofacy, also known as APT28 and 'Fancy Bear', has been blamed for many of the most dramatic Russian hacks, including the Democratic National Committee during the 2016 presidential campaign in the United States. Cisco Systems Inc said the attack was targeting devices from Linksys of Belkin International, MikroTik, Netgear Inc., TP-Link, and QNAP. According to the researchers, it is a sophisticated system of modular malware, called 'VPNFilter', with which it would be possible to carry out a large-scale attack. " The malware has a destructive capacity to be able to leave unusable an infected device, which can be activated in machines of individual victims or en masse. In addition, it has the potential to cut off Internet access for hundreds of thousands of victims around the world, "highlights the Cisco report, which shared the technical details of its investigation with the governments of the United States and Ukraine. Experts say that Russia has carried out a series of attacks against companies in Ukraine for more than a year, amid armed hostilities between the two countries, causing hundreds of millions of dollars in damages and at least one power blackout. The document also details that this type of devices are difficult to protect because they are on the perimeter of the network, without a protection system and without integrated antimalware capabilities.Cisco recommended users who have some of these routers to contact the manufacturer to ensure that their device is updated with the latest versions of security patches.